Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

On July 10th Architelos released the first NameSentry Report, benchmarking abuse levels in the domain name industry. For some time now, a debate has raged about the potential impact of new gTLDs on Internet safety and security, namely abusive registrations such as phishing, spam, malware, and so on. However, without benchmarking the current state, how can we realistically evaluate if new gTLDs have made any measureable difference in the level of abuse?

The goal of the report was to establish a way to measure the level of abuse in the domain name space as a whole and across the top TLDs, in order to bring some transparency and encourage discussion and debate on what factors if any result in a safer namespace. The report is self-explanatory and can be downloaded from our site. The goal of this blog is not to reiterate the report findings, but to provide additional detail to the methodology we employed.

Before we get to the methodology, its important to note:

The NameSentry Report is the result of analysis of existing data from respected sources. The data comes from sources such as SURBL, Spamhaus, Internet Identity, ZeusTracker, Spyeye Tracker, Malware URL, and Malware Domain List. All of these data feeds/sources are widely available, and are trusted to measure and block abuse in thousands of enterprises worldwide.

Our analysis measures how many of a TLD's domains are being blocklisted as dangerous. This is an important and objective measure of trust and verifiable problems. It's also reflective of an important but unfortunate truth, which is that by the time a domain gets blocklisted, usually some harm has already taken place. How well or how fast those problems are mitigated is a separate (and interesting) matter, but one that requires hard-to-come-by additional data and we did not attempt to tackle it in this first report.

"Abuse" in the context of the report is defined as phishing, malware, and domains advertised in spam.

The data overwhelmingly contains domains registered with bad intent. A small percentage were registered to innocent registrants who had their servers hacked into. Often the same domain is listed by multiple sources, and/or is associated with multiple types of abuse. To avoid duplication, we simply counted the number of unique domains listed as abusive, be they 2nd level or delegated 3rd level registrations, that were flagged for at least one type of abuse by at least one source.

Principles and Goals

The first step was to establish some principles and goals from which we could then derive a methodology for analysis. Some of our key principles and goals were:

Fairness: Since the data was already available and created by leading authorities (see point #1 above), the key here is not the newness or availability of the data, but rather the fairness of the analysis. Therefore, all TLDs should be subject to the same measurement in evaluating the quality of their namespace vis-à-vis abuse.

Clarity: see points 3 and 4 above

Transparency: The report was published and available to all TLD registries on the same date. There were no previews of the analysis or report content with any TLD registries. This ensured that no one had any advantage or disadvantage, regardless of their rating. Everyone received the same information once the report was published.

Precedent: This kind of rating has long been used to measure abuse levels in ASNs, ISPs, and networks. It's been used to measure the prevalence of phishing in TLDs too. Our report is a basic benchmarking along those established lines.

Timeliness and Specificity: The report's analysis is based on data from January 1 to May 31 2013. This span of time is recent enough to be relevant and long enough to support analysis of trends.

Comprehensiveness: In order to apply a measure to the quality of the Internet namespace as a whole, we needed to account for over 99% of Internet domains. There are 257 million domains registered in over 300 TLDs, and we wanted to include all TLDs with over 100,000 Domains Under Management (DUM). This means our report had to focus on the largest 72 TLDs, which together account for 99% of the world's domains.

Methodology

The TLDs that comprise the Internet namespace vary widely in size. One challenge was to find the means to measure and compare TLDs with multi million domains under management with much smaller TLDs. Using actual TLD size and measuring abuse in absolute numbers would only provide part of the information, but would miss the larger picture. We settled on the choice of a logarithmic sale. A logarithmic scale can be helpful when the data covers a large range of values. Plus, the use of the logarithms of the values rather than the actual values reduces a wide range to a more manageable size. As a result, abuse was measured as "abuse-per-million" or specifically the number of unique 2nd level or 3rd level domains that were flagged for at least one type of abuse per million domains under management. This is similar to "part-per-million" which is one the most commonly used terms to describe very small amounts of contaminants in our environment. "Abuse-per-million" and "part-per-million" are measures of concentration, the amount of one material in a larger amount of another material. Using the logarithmic scale also allowed us to apply the same scale of measurement to each and every TLD, and indeed across the Internet namespace.

If the Internet has indeed become a utility that we rely on, then what measurements were already in use for other utilities such as air and water? Air Quality Index and Water Quality Index were easily communicable measurements that have been successfully used to evaluate relative safety and quality based on contaminants or pollutants on a parts per million basis. Assuming abusive domains are similar to pollutants in any given namespace, then a similar quality index could be used. We established the term "Namespace Quality Index" (NQI) since the same method of analysis and measurement could be applied to any given namespace: the Internet as a whole, any gTLD or ccTLD, any portfolio of domain names registered by a registrar, etc.

What's Next

We are pleased that the NameSentry Report has not only provided a means of measuring and evaluating any changes to the Internet namespace going forward (i.e. new gTLDs) but that it has also generated debate and discussion about what factors or combination of factors would lead to a high quality or "Green" NQI. We believe that there is no one lever (such as price, restrictive registration policies, or aggressive takedown policies) that achieves this result, but rather a careful calibration of multiple levers. The next NameSentry report will focus on drawing correlations between the various levers and outcomes to identify potential best practices that can be successfully employed by existing and new gTLDs. In the meantime we are focused on enhancing our analysis to better serve the community and therefore very interested in constructive feedback and critique. Please contact us at info@architelos.com or send us your questions via our "contact us” page.

By Alexa Raad, CEO of ArchitelosArchitelos provides consulting and managed services for clients applying for new top-level domains, ranging from new TLD application support to launch and turnkey front-end management of a new TLD. She can be reached directly at araad@architelos.com.

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Related

On 11 December 2017, about 25 participants from Europe and the US attended the public consultation for the brand new GDPR Domain Industry Playbook by eco (Association of the Internet Industry, based in Germany) at the representation of the German federal state Lower Saxony to the European Union in Brussels. The General Data Protection Regulation (GDPR) poses a challenge for the Registries, Registrars, Resellers and ICANN. more

A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets in 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after world war 1, all prove that significant technological developments have caused the world to agree not to use certain weapons. more

A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more

Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas. This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. more

Given that it's been a few years since my last domain name year in review, I've really enjoyed looking back at this year's biggest domain name stories and seeing how this industry has evolved. This year, in particular, has seen some notable changes which are likely to impact the domain name landscape for years to come. So without further ado, here is my list for 2017. more

One of the problems with trying to secure systems is the lack of knowledge in the community about what has or hasn't worked. I'm on record as calling for an analog to the National Transportation Safety Board: a government agency that investigates major outages and publishes the results. In the current, deregulatory political climate, though, that isn't going to happen. But how about a voluntary system? more

The jurisprudence applied in adjudicating disputes between mark owners and domain name holders under the Uniform Domain Dispute Resolution Policy (UDRP) is essentially a system that has developed from the ground up; it is Panel-made law based on construing a simple set of propositions unchanged since the Internet Corporation for Assigned Names and Numbers (ICANN) implemented them in 1999. Its strength lies in its being a consensus-based rather than dictated jurisprudence. more

There was one message which overshadowed all discussions at the 5th Global Conference on Cyber Space (GCCS) in New Delhi in November 2017: Instability in cyberspace is as dangerous as climate change. With four billion Internet users and five trillion dollars annually in digital transactions, instability in cyberspace has the potential to ruin the world. more

History, it has been said, repeats itself. The same can be said of domain name disputes, as demonstrated by a pair of cases involving the same trademark ("Panavision") filed more than 20 years apart with remarkably similar facts. I can't hear the name "Panavision" without thinking about the origins of domain name disputes, so a decision involving panavision.org - coming more than two decades after litigation commenced over panavision.com - immediately made me nostalgic. more

The concept of a universal directory does not exist on the Internet. There are thousands of directories of all kinds and online Yellow Pages in many countries. All of these websites are different, accessed differently and operated differently: for example, Yellow Pages in France are different from their equivalent in Spain and Italy. There is no standard directory operated behind the same name worldwide. more

A recent study conducted by Brandsight has revealed that 28% of the top 500 most-highly trafficked sites now employ registry locking. In contrast, only 15% of the top 500 most highly-trafficked sites were leveraging registry locking in 2013. Back in 2013, only 356 of the top 500 most-highly trafficked sites could be registry locked, but that number has also risen significantly so that now 396 of the top 500 most-highly trafficked sites are eligible. more

There has lately been a number of long-held investor registered domain names transferred to complainants under the Uniform Domain Name Dispute Resolution Policy (UDRP). Two of the domain names were registered 23 years ago. This has provoked several commentators to complain that the UDRP is tilted in favor of mark owners and trademark-friendly panelists expressing hostility to the domain industry. I think we have to dig deeper than this. more

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? more

IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website. more

Dictionary words, alone, combined as phrases, modified by other parts of speech, and single letters that function as marks also retain in parallel their common associations that others may use without offending third-party rights. As a rule of thumb, generic terms are not registrable as marks until they perceivably cross a threshold to suggestive and higher classifications. more

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead2607

A World-Renowned Source for Internet Developments. Serving Since 2002.